diff --git a/lam/templates/3rdParty/pla/htdocs/add_attr_form.php b/lam/templates/3rdParty/pla/htdocs/add_attr_form.php
index a0a2996a..52c54821 100644
--- a/lam/templates/3rdParty/pla/htdocs/add_attr_form.php
+++ b/lam/templates/3rdParty/pla/htdocs/add_attr_form.php
@@ -17,7 +17,7 @@ $request['dn'] = get_request('dn','GET');
# Check if the entry exists.
if (! $request['dn'] || ! $app['server']->dnExists($request['dn']))
- error(sprintf(_('The entry (%s) does not exist.'),$request['dn']),'error','index.php');
+ error(sprintf(_('The entry (%s) does not exist.'),htmlspecialchars($request['dn'])),'error','index.php');
$request['page'] = new TemplateRender($app['server']->getIndex(),get_request('template','REQUEST',false,null));
$request['page']->setDN($request['dn']);
diff --git a/lam/templates/3rdParty/pla/htdocs/add_oclass_form.php b/lam/templates/3rdParty/pla/htdocs/add_oclass_form.php
index 87d61c5f..0d574cba 100644
--- a/lam/templates/3rdParty/pla/htdocs/add_oclass_form.php
+++ b/lam/templates/3rdParty/pla/htdocs/add_oclass_form.php
@@ -21,7 +21,7 @@ $request['dn'] = get_request('dn','REQUEST',true);
# Check if the entry exists.
if (! $request['dn'] || ! $app['server']->dnExists($request['dn']))
- error(sprintf(_('The entry (%s) does not exist.'),$request['dn']),'error','index.php');
+ error(sprintf(_('The entry (%s) does not exist.'),htmlspecialchars($request['dn'])),'error','index.php');
$request['page'] = new TemplateRender($app['server']->getIndex(),get_request('template','REQUEST',false,null));
$request['page']->setDN($request['dn']);
diff --git a/lam/templates/3rdParty/pla/htdocs/add_value_form.php b/lam/templates/3rdParty/pla/htdocs/add_value_form.php
index 66d9757d..d675a6fa 100644
--- a/lam/templates/3rdParty/pla/htdocs/add_value_form.php
+++ b/lam/templates/3rdParty/pla/htdocs/add_value_form.php
@@ -19,7 +19,7 @@ $request['attr'] = get_request('attr','GET',true);
# Check if the entry exists.
if (! $request['dn'] || ! $app['server']->dnExists($request['dn']))
- error(sprintf(_('The entry (%s) does not exist.'),$request['dn']),'error','index.php');
+ error(sprintf(_('The entry (%s) does not exist.'),htmlspecialchars($request['dn'])),'error','index.php');
$request['page'] = new TemplateRender($app['server']->getIndex(),get_request('template','REQUEST',false,null));
$request['page']->setDN($request['dn']);
@@ -105,7 +105,7 @@ if (! strcasecmp($request['attr'],'objectclass') || get_request('meth','REQUEST'
foreach ($socs as $name => $oclass) {
# Exclude any structural ones, that are not in the heirachy, as they'll only generate an LDAP_OBJECT_CLASS_VIOLATION
if (($oclass->getType() == 'structural') && ! $oclass->isRelated($request['attribute']->getValues()))
- continue;
+ continue;
printf('',$oclass->getName(false),$oclass->getName(false));
}
diff --git a/lam/templates/3rdParty/pla/htdocs/compare.php b/lam/templates/3rdParty/pla/htdocs/compare.php
index ec204e1b..dc0e53dd 100644
--- a/lam/templates/3rdParty/pla/htdocs/compare.php
+++ b/lam/templates/3rdParty/pla/htdocs/compare.php
@@ -21,10 +21,10 @@ $ldap['SRC'] = $_SESSION[APPCONFIG]->getServer(get_request('server_id_src'));
$ldap['DST'] = $_SESSION[APPCONFIG]->getServer(get_request('server_id_dst'));
if (! $ldap['SRC']->dnExists($request['dnSRC']))
- error(sprintf('%s (%s)',_('No such entry.'),pretty_print_dn($request['dnSRC'])),'error','index.php');
+ error(sprintf('%s (%s)',_('No such entry.'),pretty_print_dn(htmlspecialchars($request['dnSRC']))),'error','index.php');
if (! $ldap['DST']->dnExists($request['dnDST']))
- error(sprintf('%s (%s)',_('No such entry.'),pretty_print_dn($request['dnDST'])),'error','index.php');
+ error(sprintf('%s (%s)',_('No such entry.'),pretty_print_dn(htmlspecialchars($request['dnDST']))),'error','index.php');
$request['pageSRC'] = new PageRender($ldap['SRC']->getIndex(),get_request('template','REQUEST',false,'none'));
$request['pageSRC']->setDN($request['dnSRC']);
diff --git a/lam/templates/3rdParty/pla/htdocs/compare_form.php b/lam/templates/3rdParty/pla/htdocs/compare_form.php
index e519c965..520b24db 100644
--- a/lam/templates/3rdParty/pla/htdocs/compare_form.php
+++ b/lam/templates/3rdParty/pla/htdocs/compare_form.php
@@ -18,7 +18,7 @@ $request['dn'] = get_request('dn','GET');
# Check if the entry exists.
if (! $request['dn'] || ! $app['server']->dnExists($request['dn']))
- error(sprintf(_('The entry (%s) does not exist.'),$request['dn']),'error','index.php');
+ error(sprintf(_('The entry (%s) does not exist.'),htmlspecialchars($request['dn'])),'error','index.php');
$request['page'] = new PageRender($app['server']->getIndex(),get_request('template','REQUEST',false,'none'));
$request['page']->setDN($request['dn']);
diff --git a/lam/templates/3rdParty/pla/htdocs/copy.php b/lam/templates/3rdParty/pla/htdocs/copy.php
index 40c64830..74b7d88e 100644
--- a/lam/templates/3rdParty/pla/htdocs/copy.php
+++ b/lam/templates/3rdParty/pla/htdocs/copy.php
@@ -28,11 +28,11 @@ if ($ldap['DST']->isReadOnly())
error(('Destination server is currently READ-ONLY.'),'error','index.php');
if ($ldap['DST']->dnExists($request['dnDST']))
- error(sprintf(_('The destination entry (%s) already exists.'),pretty_print_dn($request['dnDST'])),'error','index.php');
+ error(sprintf(_('The destination entry (%s) already exists.'),pretty_print_dn(htmlspecialchars($request['dnDST']))),'error','index.php');
if (! $ldap['DST']->dnExists($ldap['DST']->getContainer($request['dnDST'])))
error(sprintf(_('The container you specified (%s) does not exist. Please try again.'),
- pretty_print_dn($ldap['DST']->getContainer($request['dnDST']))),'error','index.php');
+ pretty_print_dn(htmlspecialchars($ldap['DST']->getContainer($request['dnDST'])))),'error','index.php');
if (pla_compare_dns($request['dnSRC'],$request['dnDST']) == 0 && $ldap['SRC']->getIndex() == $ldap['DST']->getIndex())
error(_('The source and destination DN are the same.'),'error','index.php');
diff --git a/lam/templates/3rdParty/pla/htdocs/copy_form.php b/lam/templates/3rdParty/pla/htdocs/copy_form.php
index cc77429a..ca3c04e0 100644
--- a/lam/templates/3rdParty/pla/htdocs/copy_form.php
+++ b/lam/templates/3rdParty/pla/htdocs/copy_form.php
@@ -17,7 +17,7 @@ $request['dn'] = get_request('dn','GET');
# Check if the entry exists.
if (! $request['dn'] || ! $app['server']->dnExists($request['dn']))
- error(sprintf(_('The entry (%s) does not exist.'),$request['dn']),'error','index.php');
+ error(sprintf(_('The entry (%s) does not exist.'),htmlspecialchars($request['dn'])),'error','index.php');
$request['page'] = new PageRender($app['server']->getIndex(),get_request('template','REQUEST',false,'none'));
$request['page']->setDN($request['dn']);
diff --git a/lam/templates/3rdParty/pla/htdocs/delete.php b/lam/templates/3rdParty/pla/htdocs/delete.php
index 73d7f7fb..ff373199 100644
--- a/lam/templates/3rdParty/pla/htdocs/delete.php
+++ b/lam/templates/3rdParty/pla/htdocs/delete.php
@@ -16,7 +16,7 @@ $request = array();
$request['dn'] = get_request('dn','REQUEST',true);
if (! $app['server']->dnExists($request['dn']))
- error(sprintf('%s (%s)',_('No such entry.'),''.pretty_print_dn($request['dn']).''),'error','index.php');
+ error(sprintf('%s (%s)',_('No such entry.'),''.pretty_print_dn(htmlspecialchars($request['dn'])).''),'error','index.php');
# Delete the entry.
$result = $app['server']->delete($request['dn']);
diff --git a/lam/templates/3rdParty/pla/htdocs/delete_attr.php b/lam/templates/3rdParty/pla/htdocs/delete_attr.php
index c33c5e7a..c6bf1592 100644
--- a/lam/templates/3rdParty/pla/htdocs/delete_attr.php
+++ b/lam/templates/3rdParty/pla/htdocs/delete_attr.php
@@ -17,7 +17,7 @@ $request['attr'] = get_request('attr','REQUEST',true);
$request['index'] = get_request('index','REQUEST',true);
if ($app['server']->isAttrReadOnly($request['attr']))
- error(sprintf(('The attribute "%s" is flagged as read-only in the phpLDAPadmin configuration.'),$request['attr']),'error','index.php');
+ error(sprintf(('The attribute "%s" is flagged as read-only in the phpLDAPadmin configuration.'),htmlspecialchars($request['attr'])),'error','index.php');
$update_array = array();
$update_array[$request['attr']] = $app['server']->getDNAttrValue($request['dn'],$request['attr']);
diff --git a/lam/templates/3rdParty/pla/htdocs/download_binary_attr.php b/lam/templates/3rdParty/pla/htdocs/download_binary_attr.php
index 251f2deb..1338ba38 100644
--- a/lam/templates/3rdParty/pla/htdocs/download_binary_attr.php
+++ b/lam/templates/3rdParty/pla/htdocs/download_binary_attr.php
@@ -21,13 +21,13 @@ $request['type'] = get_request('type','GET',false,'octet-stream');
$request['filename'] = get_request('filename','GET',false,sprintf('%s:%s.bin',get_rdn($request['dn'],true),$request['attr']));
if (! $app['server']->dnExists($request['dn']))
- error(sprintf(_('The entry (%s) does not exist.'),$request['dn']),'error','index.php');
+ error(sprintf(_('The entry (%s) does not exist.'),htmlspecialchars($request['dn'])),'error','index.php');
$search = $app['server']->getDNAttrValues($request['dn'],null,LDAP_DEREF_NEVER,array($request['attr']));
# Dump the binary data to the browser
$obStatus = ob_get_status();
-if (isset($obStatus['type']) && $obStatus['type'] && $obStatus['status'])
+if (isset($obStatus['type']) && $obStatus['type'] && $obStatus['status'])
ob_end_clean();
if (! isset($search[$request['attr']][$request['index']])) {
diff --git a/lam/templates/3rdParty/pla/htdocs/template_engine.php b/lam/templates/3rdParty/pla/htdocs/template_engine.php
index 1cfaba98..224a52dc 100644
--- a/lam/templates/3rdParty/pla/htdocs/template_engine.php
+++ b/lam/templates/3rdParty/pla/htdocs/template_engine.php
@@ -12,7 +12,7 @@ The template engine has the following responsibilities:
* If we are passed a DN, then we are editing an existing entry
* If we are not passed a DN, then we are passed a container (and creating a new entry in that container)
-In both cases, we are optionally passed a template ID.
+In both cases, we are optionally passed a template ID.
* If we have a template ID, then we'll render the creation/editing using that template
* If we are not passed a template ID, then we'll either:
* Present a list of available templates,
@@ -42,7 +42,7 @@ $request['page'] = new TemplateRender($app['server']->getIndex(),get_request('te
# If we have a DN, then this is to edit the entry.
if ($request['dn']) {
$app['server']->dnExists($request['dn'])
- or error(sprintf('%s (%s)',_('No such entry'),pretty_print_dn($request['dn'])),'error','index.php');
+ or error(sprintf('%s (%s)',_('No such entry'),pretty_print_dn(htmlspecialchars($request['dn']))),'error','index.php');
$request['page']->setDN($request['dn']);
$request['page']->accept();
diff --git a/lam/templates/3rdParty/pla/htdocs/update.php b/lam/templates/3rdParty/pla/htdocs/update.php
index 5f31f28a..fafda95b 100644
--- a/lam/templates/3rdParty/pla/htdocs/update.php
+++ b/lam/templates/3rdParty/pla/htdocs/update.php
@@ -24,7 +24,7 @@ if (get_request('cancel','REQUEST')) {
}
if (! $request['dn'] || ! $app['server']->dnExists($request['dn']))
- error(sprintf(_('The entry (%s) does not exist.'),$request['dn']),'error','index.php');
+ error(sprintf(_('The entry (%s) does not exist.'),htmlspecialchars($request['dn'])),'error','index.php');
$request['page'] = new PageRender($app['server']->getIndex(),get_request('template','REQUEST',false,'none'));
$request['page']->setDN($request['dn']);
diff --git a/lam/templates/3rdParty/pla/htdocs/update_confirm.php b/lam/templates/3rdParty/pla/htdocs/update_confirm.php
index 69735e22..6e91fa8f 100644
--- a/lam/templates/3rdParty/pla/htdocs/update_confirm.php
+++ b/lam/templates/3rdParty/pla/htdocs/update_confirm.php
@@ -20,7 +20,7 @@ $request = array();
$request['dn'] = get_request('dn','REQUEST',true);
if (! $request['dn'] || ! $app['server']->dnExists($request['dn']))
- error(sprintf(_('The entry (%s) does not exist.'),$request['dn']),'error','index.php');
+ error(sprintf(_('The entry (%s) does not exist.'),htmlspecialchars($request['dn'])),'error','index.php');
$request['page'] = new PageRender($app['server']->getIndex(),get_request('template','REQUEST',false,'none'));
$request['page']->setDN($request['dn']);